Some help if possible,
I have a DC that I am retiring ASAP, but it is an Enterprise CA and has been for the life of the DC and server. This was the main DC that held everything (first ever DC in the domain) until I farmed off the FSMO roles, services etc. to other 2008 R2 DCs.
My lack of knowledge with CAs is clearly apparent. We have another Ent CA on a member server that issues certs for wireless and RADIUS access and that is it. It's not issuing certs for anything else.
I'm pretty sure the 2003 CA is not required, but has been issuing a few certs over the last few months to new servers.
The majority of certs have expired with no ill effects. I would have thought that if it was required for anything, I would have seen ramifications long ago.
Does AD need certs for anything? Again, only 2 out of the 3 DCs have a valid cert from the Ent CA, and the other 2 DCs' certs have expired, again, without ill effect.
Can I assume it's just issuing certs based on the fact that it can, as stated in a template somewhere, but they aren't actually required for anything?
I have read an awful lot, but have become more confused the more I read on this, as the majority of things are based on wanting to do something specific, but I don't want to do anything, just find out how to stop issuing certs and then demote and remove the 2003 DC.
Can anyone advise? Let me know if you need further info. Thanks